Article image


Laravel -

Aug 27 2019

Dino Numic

Creating authentication in Laravel is a breeze mostly because everything is pretty much laid out for the developer. Unless you really know what you are doing, a default authentication module provided by the Laravel will be enough for most of the applications.

Out of the box Laravel is one of the most secure framework. Built in authentication uses bcrypt for password hashing and AES-256 for cookie and session encryption with a 32 bit key generated upon project creation located in env under APP_KEY.

Without going too much into encryption algorithms, I will just mention that brute-forcing a 256-bit key can consists of 2256 combinations and a computer that is capable of achieving this in any relevant time is not yet available.

I assume you have a Laravel application installed at this point. If you don’t you can check out a fancy how to install guide I made right here.

Laravel provides a neat function php artisan make:auth that quickly generates a scaffold of routes, views, and controllers used for the authentication.

Inside web route you will now have:


Route::get('/home', 'HomeController@index')->name('home');

If we run php artisan route:list command we can observe the following route structure.

We can notice that under Auth::routes() Laravel registered many routes which of course you can manually write yourself.

We also got a whole set of Auth controllers inside our controller folder as well as a HomeController where the logged in user will be sent after successful login.

Laravel will also create an auth views folder, default app layout and a home view.

Now we need to run our migration files in order to create users and password resets table. In the terminal type in php artisan migrate. Now, depending on the version of your database and the Laravel application you may be greeted with the following error message:

Illuminate\Database\QueryException : SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was too long; max key length is 767 bytes (SQL: alter table `users` add unique `users_email_unique`(`email`))

Laravel 5.4 changed the default database character set to utf8mb4 which causes our query to fail. In order to fix this issue update AppServiceProvider class in the App\Providers to match the following. 


namespace App\Providers;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
     * Register any application services.
     * @return void
    public function register()
     * Bootstrap any application services.
     * @return void
    public function boot()

Our previously failed query left us with a partially created table. We can not run the same php artisan migrate command as it will complain about base table already existing. However, we can use a different command php artisan migrate:fresh in order to recreate all tables. Be careful with this command especially in production environment.

Now start you Laravel server and go to the starting page. 

If you can see this screen after visiting /register url congratulations to you, you have done it.